22 matches found

Tenable Nessus
added 2025/08/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-5416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7...

CVSS 7.5, AI score 7, EPSS 0.00416
Exploits 0, References 3
Github Security Blog
added 2023/09/04 10:40 p.m., 24 views

Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer

Impact: A Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the beforeFind query trigger, which can be an additional vulnerability for deployments where the beforeFind trigger is used as a security layer to modify an incoming query. Patches: The...

CVSS 7.5, AI score 6.8, EPSS 0.00268
Exploits 0, References 7, Affected Software 1
OSV
added 2023/05/31 11:39 p.m., 26 views

GHSA-9PRM-JQWX-45X9 Phishing attack vulnerability by uploading malicious HTML file

Impact: Phishing attack vulnerability by uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the uploaded HTML could be shared for...

CVSS 6.3, AI score 6.1, EPSS 0.0039
Exploits 0, References 5
Prion
added 2021/05/26 9:15 p.m., 19 views

Memory corruption

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or...

CVSS 4, AI score 5.1, EPSS 0.00135
Exploits 0, References 1, Affected Software 1
Prion
added 2021/05/19 7:15 p.m., 16 views

Authentication flaw

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...

CVSS 5, AI score 7.6, EPSS 0.00179
Exploits 0, References 2, Affected Software 1
Prion
added 2019/03/21 4:0 p.m., 12 views

Design/Logic Flaw

YSoft SafeQ Server 6 allows a replay attack...

CVSS 6.8, AI score 8, EPSS 0.00482
Exploits 1, References 1, Affected Software 1
CVE
added 2019/03/19 10:30 p.m., 37 views

CVE-2018-15498

Technical details about CVE-2018-15498 are not provided in the connected documents. The entries only reiterate the replay-attack description for YSoft SafeQ Server 6. Monitor for official advisories and patch information.

CVSS 8.1, AI score 8, EPSS 0.00482
Exploits 1, References 1, Affected Software 1
CVE
added 2018/02/06 12:0 a.m., 35 views

CVE-2018-6569

West Wind Web Server 6.x is affected: the /ADMIN.ASP page can be accessed without authentication, allowing an attacker to perform actions with potential program execution, termination, data disclosure, or DoS as described in linked CVE records. This is supported by multiple sources (CVE-2018-6569...

CVSS 10, AI score 8.8, EPSS 0.00364
Exploits 0, References 1, Affected Software 1
Prion
added 2016/12/15 6:59 a.m., 14 views

Design/Logic Flaw

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context...

CVSS 4.3, AI score 7, EPSS 0.00627
Exploits 0, References 3, Affected Software 1
Cvelist
added 2016/12/15 6:31 a.m., 18 views

CVE-2016-2840

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context...

AI score 6.2, EPSS 0.00627
Exploits 0, References 3
NVD
added 2015/09/28 4:59 p.m., 12 views

CVE-2015-5375

Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web scrip...

CVSS 4.3, AI score 5.7, EPSS 0.00359
Exploits 0, References 4
securityvulns
added 2015/02/16 12:0 a.m., 54 views

Open-Xchange Security Advisory 2015-02-12

Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH
Internal reference: 35889 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version:...

CVSS 4, AI score 2.4, EPSS 0.00098
Exploits 0
OpenVAS
added 2014/09/11 12:0 a.m., 20 views

RedHat Update for procmail RHSA-2014:1172-01

The remote host is missing an update for the...

CVSS 7.5, AI score 9.6, EPSS 0.0982
Exploits 1, References 2
Prion
added 2013/10/01 5:55 p.m., 16 views

Design/Logic Flaw

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing...

CVSS 7.2, AI score 6.7, EPSS 0.00166
Exploits 0, References 3, Affected Software 4
Exploit DB
added 2013/03/15 12:0 a.m., 52 views

Open-Xchange Server 6 - Multiple Vulnerabilities

Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof regarding authenticity can be obtained from the...

CVSS 4.3, AI score 6.4, EPSS 0.02186
Exploits 6
exploitpack
added 2013/03/15 12:0 a.m., 39 views

Open-Xchange Server 6 - Multiple Vulnerabilities

Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof...

CVSS 5.8, AI score 0.4, EPSS 0.02186
Exploits 10
0day.today
added 2013/03/15 12:0 a.m., 58 views

Open-Xchange Server 6 - Multiple Vulnerabilities

Exploit for php platform in category web applications. Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof...

CVSS 4, AI score 0.2, EPSS 0.02186
Exploits 10
Packet Storm
added 2013/03/14 12:0 a.m., 54 views

Open-Xchange 6 XSS / LFI / SSRF / Hashing

Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof regarding authenticity can be obtained from the...

CVSS 5.8, AI score 0.1, EPSS 0.02186
Exploits 10
OpenVAS
added 2013/02/04 12:0 a.m., 40 views

RedHat Update for freetype RHSA-2013:0216-01

Check for the version of freetype...

CVSS 4.3, EPSS 0.01687
Exploits 0, References 2
seebug.org
added 2011/12/08 12:0 a.m., 26 views

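Linux kexec-tools "kdump/mkdumprd" information disclosure vulnerability

BUGTRAQ ID: 50420 CVE ID: CVE-2011-3590 Linux is a free computer operating system. The kdump/mkdumprd tools on Linux systems have a local information disclosure vulnerability in their implementation; a local attacker can exploit it to obtain sensitive information, such as the SSH keys used by the root user. Linux kernel 3.x, Linux kernel 2.6.x, RedHat Enterprise Linux Workstation 6, RedHat Enterprise Linux Server 6, RedHat Enterprise Linux HPC Node 6, RedHat Enterprise Linux...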

CVSS 5.7, AI score 0.4, EPSS 0.00168
Exploits 1